Category Archives: Corporate Espionage

SEC Disbands ESG Enforcement Task Force

by John F. Savarese, Wayne M. Carlin, David B. Anders, and Carmen X. W. Lu

Photos of authors

Left to right: John F. Savarese, Wayne M. Carlin, David B. Anders and Carmen X. W. Lu. (Photos courtesy of Wachtell, Lipton, Rosen & Katz)

The U.S. Securities and Exchange Commission (“SEC”) has disbanded its Climate and ESG Task Force in the Division of Enforcement. The Task Force was established in March 2021 with the purpose of identifying ESG-related misconduct, including material gaps or misstatements in issuers’ disclosure of climate risks, and assessing disclosure and compliance issues relating to investment advisers’ and funds’ ESG strategies. According to the SEC, the “expertise developed by the task force now resides across the Division” signaling that the SEC will continue to pursue ESG-related matters as part of its broader enforcement strategy.

Continue reading

SEC Charges SolarWinds and Its CISO with Fraud and Internal Controls Failures

by Nicole Friedlander, Anthony J. Lewis, Robert W. Reeder, John B. Sarlitto, Michael S. Drell, and Paulena B. Prager

Photos of the authors

Left to right: Nicole Friedlander, Anthony J. Lewis, Robert W. Reeder, John B. Sarlitto, Michael S. Drell, and Paulena B. Prager (Photos courtesy of Sullivan & Cromwell LLP)

Complaint Alleges Knowledge and Concealment of Poor Cybersecurity Practices and Heightened Cyber Risks

SUMMARY

On October 30, 2023, the Securities and Exchange Commission (“SEC”) filed a complaint against SolarWinds Corporation (“SolarWinds”) and its Chief Information Security Officer (“CISO”), alleging securities fraud and failures of reporting, internal control over financial reporting, and disclosure controls and procedures, in connection with a compromise of the company’s software product that was publicly revealed in December 2020.[1] The complaint (“Complaint”), filed in the Southern District of New York, alleges that SolarWinds and its CISO misled investors and customers about known, material cybersecurity weaknesses and risks, including several that allegedly enabled the compromise, through which U.S. government networks and corporations were infiltrated in a cyber espionage campaign by the Russian government. The SEC alleges that the defendants made materially false and misleading statements and omitted material facts on SolarWinds’ website and in its blog posts, press releases, initial registration statement (“Form S-1”), quarterly and annual SEC reports, and the current report on Form 8-K in which SolarWinds first disclosed the compromise. The SEC seeks declaratory and injunctive relief, disgorgement, a civil monetary penalty in an unspecified amount, and an order permanently prohibiting the CISO from acting as an officer or director of a public company.

Continue reading

DOJ Leadership Highlights National Security Focus and Previews New Corporate Enforcement Guidance

by Greg D. Andres, Uzo Asonye, Martine M. Beamon, Robert A. Cohen, Daniel S. Kahn, Tatiana R. Martins, Fiona R. Moran, Paul J. Nathanson, and Patrick S. Sinclair

Photos of the authors

Top left to right: Greg D. Andres, Uzo Asonye, Martine M. Beamon, Robert A. Cohen, and Daniel S. Kahn.
Bottom left to right: Tatiana R. Martins, Fiona R. Moran, Paul J. Nathanson, and Patrick S. Sinclair.
(Photos courtesy of Davis Polk & Wardwell LLP)

In recent speeches, Deputy Attorney General Lisa Monaco and Principal Associate Deputy Attorney General Marshall Miller laid out how the DOJ uses active corporate criminal enforcement and interdepartmental cooperation to preserve national security and the rule of law, and previewed forthcoming compliance guidance on M&A deals.

Continue reading

Theft of Federal Funds Highlights Expanding Cyber Threat from Foreign Actors

by John P. Carlin, Jeh Charles Johnson, Jeannie S. Rhee, Steven C. Herzog, and David Kessler

Photos of the authors

From Left to Right: John P. Carlin, Jeh Charles Johnson, Jeannie S. Rhee, Steven C. Herzog, and David Kessler

The Secret Service has reported that APT41, a hacking organization, stole roughly $20 million in federal COVID-19 relief funds by obtaining access to the computer systems of a number of U.S. states beginning in mid-2020.[1]  According to the Secret Service, APT41 is a “Chinese state-sponsored, cyberthreat group that is highly adept at conducting espionage missions and financial crimes for personal gain.”[2]  While experts are uncertain regarding whether the breach by APT41 was ordered by the PRC government or merely tolerated, the Secret Service announcement marks the first public confirmation by a federal agency of a state-affiliated hacking group breaching U.S. cyber defenses to steal federal funds. According to the government, the hackers obtained unemployment insurance funds and Small Business Administration loans from more than a dozen states.[3]  The true scope of the breach remains unclear, with officials speculating that government networks in all 50 states were likely targeted.[4]  The Secret Service has further linked the APT41 intrusion to the organization’s broader efforts to access and interrogate state networks.[5]

Continue reading